What happens if you get stuck between dueling antivirus tools? It can happen, especially if you install an antivirus screening tool on a computer that is running Internet Explorer version 6. IE v6 comes automatically included with Windows XP, and is available as a separate download for older Windows versions. It includes an updated version of Outlook Express, OE v.6, that was designed to improve email security but, in fact, can cause some system problems.

What's the issue, exactly? Well, let's start with where it originates. The Outlook Express part of IE6 contains a new set of options for the Security tab that can be found from Tools | Options, as shown below:

As you can see from the options, OE v6 includes two rudimentary virus protection features, something long requested by many corporate users. Users can now have OE issue a warning and thereby prevent other applications from using OE to send email - a common behavior of many Trojans and other macro viruses - by checking the appropriate box in this screen. This is a good thing.

The second new feature lets you, by checking the corresponding box on this screen, tell OE to block attachments that could be viruses from being opened or saved. While this latter choice is probably not as dependable as using a full-featured antivirus tool, it is a step in the right direction for Microsoft and could prove useful for all OE users.

So what's the problem? Well, this particular feature would be a step in the right direction had Microsoft done a better job of implementing it. I found out the hard way that checking this second box ("Do not allow attachments to be saved…") will remove quite a few attachments that aren't viruses but that OE doesn't recognize and therefore treats as dangerous. Among the benign attachments that OE did remove from my system were Zip files, PDFs and the eFax fax files. None of these can be compromised, to my knowledge, by virus authors.

This Microsoft Web page offers additional information about the new security features. However, reading that page will take some careful study, and it is somewhat confusing. Basically, Microsoft will allow you to add additional file types to the IE6/OE6 watch list. You could end up spending a lot of time fooling around with this option. I found it just easier to not bother with trying to fine-tune this, after hours of experimenting with sending myself faxes and Zip files and seeing what got through and what didn't.

It is far easier to depend on a good antivirus screener. Indeed, when I first experienced the problem of my Zip/PDF/eFax files not getting through, I put the blame on my Norton Anti-Virus software. I was wrong, though, and it took me a lot of sleuthing to figure that out.

The best solution is to stay away from this option in OE v6 right now, until Microsoft does a better job implementing these security features and giving you more control over them. Instead, stick with the antivirus screening tool of your choice, and depend on that to block infected attachments and other nasty things from penetrating your system.

I would, however, make use of the first OE6 antivirus option ("warn me …") because it doesn't interfere with third-party antivirus tools and can only help when you get an infection that proceeds to create emails to your entire address book without your knowledge.

I am partial to the Symantec line and in particular think that Norton Anti-Virus 2001 has the best control over blocking various infections. You can turn on Script Blocking (under Options| System | Script Blocking), and you can also exclude certain file types from being scanned (under Options | System | Exclusions, although I wouldn't bother unless you have a problem here). Norton Anti-Virus 2002 has less control over its behavior; for that reason, unless you are running XP or NT and can't use 2001, I would recommend sticking with NAV 2001 for now.

Certainly, you can run OE v6 without the antivirus option turned on. And the additional features from OE v5 to v6 aren't worth the upgrade. So don't bother with the download if you are happy with OE v5.

Configuring your antivirus software shouldn't be this hard. And Microsoft shouldn't make OE such an easy target for virus authors. But until these wonderful moments come to pass, in the meantime you should protect your PCs appropriately. You might also consider alternative email software to OE such as can be from Opera, Poco, or Eudora: they don't have the vulnerable scripting "feature" found in OE and all are freely available for the downloading.

David Strom has written over a thousand articles for various computer trade publications and Web sites, and publishes his own essay series called Web Informant that can be found at http://strom.com. His latest book, Home Networking Survival Guide, was published in Sept. 2001 by McGraw-Hill/Osborne and can be found at Amazon.com and other major book retailers.